Forums | Mahara Community

Weird redirect loop with CAS authentication and externallogin wantsurl


Account deleted
Posts: 10

22 December 2015, 5:15

Hi all,

I'm a bit clueless about a weird problem we have in our Mahara instance which leads to a redirect loop error when authenticating with CAS (non-core plugin).
Here's the problem:

  • When not authenticated and accessing certain pages that have a query string like "group/view.php?id=1" or "user/view.php?id=12", the user is directed to the CAS authentication page, but when returning to Mahara (wantsurl), he gets stuck in a redirection loop.

Here's what I found:

  • The problem is not happening if you're accessing a page that does not have a query string, like "group/mygroups.php" or "view/index.php".
  • The problem is related to the fact that when you access the page, "&login" is appended to the URL. If you remove this param from the query string when you are on the CAS authentication page, the error is not happening and you are redirected to the page in Mahara.
  • The following modification to remove "login" param in the "wantsurl" URL in "auth/lib.php" is fixing the problem:
diff --git a/htdocs/auth/lib.php b/htdocs/auth/lib.php
index b4d5a39..e938e11 100644
--- a/htdocs/auth/lib.php
+++ b/htdocs/auth/lib.php
@@ -1132,7 +1132,8 @@ function auth_draw_login_page($message=null, Pieform $form=null) {

$externallogin = get_config('externallogin');
if ($externallogin) {
- $externallogin = preg_replace('/{shorturlencoded}/', urlencode(get_relative_script_path()), $externallogin);
+ $shorturl = preg_replace('/(?|&)login/', '', get_relative_script_path());
+ $externallogin = preg_replace('/{shorturlencoded}/', urlencode($shorturl), $externallogin);
$externallogin = preg_replace('/{wwwroot}/', get_config('wwwroot'), $externallogin);
redirect($externallogin);
}
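
Review bot: the pattern '/(?|&)login/' on the added $shorturl line does not match what the description asks for. As written, (?|&) is a PCRE branch-reset group containing only &, so '?login' is never matched (a literal question mark needs \?), and because nothing follows 'login' in the pattern it also cuts into any parameter that merely begins with login: '&loginname=x' becomes 'name=x', and '&login=1' leaves '=1' behind. Once \? is in place, 'view.php?login&id=1' would become 'view.php&id=1', with no '?' left. Consider splitting the query string on & and dropping only the pair whose key is exactly login, or at least anchoring the match with (?=&|$) and handling the case where login is the first parameter.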

Mahara instance configurations:

  • Mahara version : 15.04.5
  • CAS plugin version : Latest
  • Externallogin in config.php : $cfg->externallogin = '/auth/cas/?wantsurl={shorturlencoded}';

I was wondering if anyone has any clues about that and/or is experiencing the same problems? Do you think the proposed fix makes sense or should it be elsewhere in the code? Some feedback would be great before submitting something to the bug tracker.

Your help would be much appreciated! Thanks in advance!

J-P
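
The removal of the `login` parameter from the wantsurl value described in the post above, as an added example that is not part of the original post or of Mahara's code: a hypothetical helper, `strip_login_param()`, that drops only the exact `login` key from a relative URL by filtering the query pairs, so it also covers `login` as the first parameter and leaves names such as `loginname` alone. The sample URLs are constructed.

```php
<?php
// Added example, not Mahara or CAS plugin code; strip_login_param() is a
// hypothetical helper name.
function strip_login_param($url) {
    // Set the fragment aside so it is never treated as part of the query.
    $fragment = '';
    $hashpos = strpos($url, '#');
    if ($hashpos !== false) {
        $fragment = substr($url, $hashpos);
        $url = substr($url, 0, $hashpos);
    }
    $qpos = strpos($url, '?');
    if ($qpos === false) {
        return $url . $fragment; // no query string, nothing to strip
    }
    $path = substr($url, 0, $qpos);
    $query = substr($url, $qpos + 1);

    // Filter the raw pairs instead of using parse_str(), which would decode
    // the values and rewrite some key names.
    $kept = array();
    foreach (explode('&', $query) as $pair) {
        $parts = explode('=', $pair, 2);
        // Drop empty pairs and the exact key "login" ("login" or "login=...");
        // keys that merely start with "login" are kept.
        if ($pair === '' || $parts[0] === 'login') {
            continue;
        }
        $kept[] = $pair;
    }
    // Re-add "?" only if parameters remain.
    return $path . ($kept ? '?' . implode('&', $kept) : '') . $fragment;
}

// Constructed sample inputs modelled on the URLs quoted in the post.
$samples = array(
    'user/view.php?id=12&login',
    'group/view.php?login&id=1',
    'group/mygroups.php?login',
    'view/index.php?loginname=x&login=1',
);
foreach ($samples as $s) {
    printf("%-36s -> %s\n", $s, strip_login_param($s));
}
```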

Kristina Hoeppner
Posts: 4731

23 December 2015, 12:20

Hi Jean-Philippe,

Mhh. We haven't experienced this problem on a site where we have CAS. Would be good to hear from others who are using the plugin if they experience your problem and if the plugin should be changed.

Cheers

Kristina

 

Robert Lyon
Posts: 757

05 January 2016, 11:05

I note that looking at one of the clients that uses CAS for authentication the 'externallogin' config variable has the full url to the cas/index.php file - I wonder if that makes a difference?

Account deleted
Posts: 10

06 January 2016, 4:41

Thanks for your feedback!

I just tried externallogin with the following URL and I still have the same redirect loop:

$cfg->externallogin = '/auth/cas/index.php?wantsurl={shorturlencoded}';

Can you check with your clients that use CAS if they can reproduce the problem? Here are the steps:

  1. Without being previously connected to CAS (close the browser to be sure), access the following page: "https://mymahara/user/view.php?id=X" (where X is the id of a page visible to the user you're connecting with)
  2. You should be redirected to the CAS authentication page.
  3. Log in with a valid user
  4. You should see a redirection loop error from the browser

Thanks a lot!

 

Robert Lyon
Posts: 757

06 January 2016, 8:42

Hi Jean-Philippe,

Ok, first off I wasn't quite clear when I said full url. What I meant was you would have:

$cfg->externallogin = 'https://mymahara//auth/cas/index.php?wantsurl={shorturlencoded}'

Also I experienced this issue and needed to alter the cas/index.php when I had the redirect problem, can you check that your version has these changes to it:

https://github.com/patrickpollet/mahara_plugin_auth_cas/commit/1879b64fdc4f0f4bdf7aefe8c156f82d82668e97

Let me know if any of that helps.

Cheers

Robert

Account deleted
Posts: 10

06 January 2016, 10:42

Hi Robert,

Unfortunately I just tried the full URL and still the same loop after logging in with CAS.

I already have the master version from Patrick Pollet's repo with the changes you made.

Note that, as I said in my initial post, this is really specific to pages with a query string in the URL (pages, groups, forums, posts etc.).

Thanks again!

Robert Lyon
Posts: 757

06 January 2016, 11:33

Hi Jean-Philippe,

Hmm, do you have any other redirects in place, like clean URLs, that may be causing the redirect looping?

 

Account deleted
Posts: 10

08 January 2016, 4:03

Hi Robert,

I'm not sure what you mean exactly by clean URLs. Do you mean whether I have made any other modifications to the core code?

For your info, I just made a test with the latest master version (16.04dev) with only the following modifications and I was able to reproduce the problem:

The only thing I see that could be the source of the problem, other than the Mahara / CAS plugin, would be the CAS client itself. That is why I wanted to know if any other CAS users can reproduce the problem.

 

Thanks!

 
